package com.surazezhu.xunwuproject.config;

import com.surazezhu.xunwuproject.security.AuthProvider;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
 * @author:SuarezZhu Date:2018/8/8 Time:17:22
 */
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    /**
     * HTTP权限控制
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {


        // 资源访问权限
        http.authorizeRequests()
                .antMatchers("/admin/login").permitAll() // 所有人都可以登陆管理员登录入口
                .antMatchers("/static/**").permitAll() // 静态资源
                .antMatchers("/user/login").permitAll() // 用户登录入口
                .antMatchers("/admin/**").hasRole("ADMIN")//需要管理员权限
                .antMatchers("/user/**").hasAnyRole("ADMIN", "USER")//需要管理员权限或者普通用户
                .antMatchers("/api/user/**").hasAnyRole("ADMIN", "USER")
                .and()//使用add结尾
                .formLogin()
                .loginProcessingUrl("/login") ;// 配置角色登录处理入口
//                .failureHandler(authFailHandler())//登陆错误 逻辑
//                .and()
//                .logout()//跳转注销界面
//                .logoutUrl("/logout")//处理逻辑跳转
//                .logoutSuccessUrl("/logout/page")//处理页面跳转
//                .deleteCookies("JSESSIONID")
//                .invalidateHttpSession(true)
//                .and()
//                .exceptionHandling()
//                .authenticationEntryPoint(urlEntryPoint())//自定义的用户入口
//                .accessDeniedPage("/403");//无权访问的提示页面

        http.csrf().disable();//跨域请求伪造 防御
        http.headers().frameOptions().sameOrigin();
    }

//    /**
//     * 自定义认证策略
//     */
    @Autowired
    public void configGlobal(AuthenticationManagerBuilder auth) throws Exception {
       auth.authenticationProvider(authProvider()).eraseCredentials(true);
//        auth.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN").and();内存测试成功，说明数据库读取问题
    }
//新建了security的包 认证提供
    @Bean
    public AuthProvider authProvider() {
        return new AuthProvider();
    }
//
//    @Bean
//    public LoginUrlEntryPoint urlEntryPoint() {
//        return new LoginUrlEntryPoint("/user/login");
//    }
//
//    @Bean
//    public LoginAuthFailHandler authFailHandler() {
//        return new LoginAuthFailHandler(urlEntryPoint());
//    }
//
//    @Bean
//    public AuthenticationManager authenticationManager() {
//        AuthenticationManager authenticationManager = null;
//        try {
//            authenticationManager =  super.authenticationManager();
//        } catch (Exception e) {
//            e.printStackTrace();
//        }
//        return authenticationManager;
//    }
//
//    @Bean
//    public AuthFilter authFilter() {
//        AuthFilter authFilter = new AuthFilter();
//        authFilter.setAuthenticationManager(authenticationManager());
//        authFilter.setAuthenticationFailureHandler(authFailHandler());
//        return authFilter;
//    }
}
